Carter Malone, vice president of compliance at investment bank Crews & Associates, never leaves his desk, not even for lunch. Malone’s job is to review the content and ensure the proper storage of all electronic communications that come in and out of Crews pursuant to Financial Industry Regulation Authority rules. “You have to retain electronic communications for six years at least,” says Malone. “And FINRA rules require that you review 20% of the communications. I average about 80%. I don’t want to miss something.”
The financial-services industry is intensely regulated, which is one reason why Malone is chained to his desk. According to a recent CFO.com report, FINRA regulators are paying closer attention to broker-dealers than ever before, even as the Commodity Futures Trading Commission is turning up the heat on broker-dealer accounting policies. (See “Watchdogs Put Closer Eye on Broker-Dealer Accounting.”)
Another reason Malone stays put at lunch is the sheer volume of information that streams across his screen. Before he came to Crews in 2004, Malone worked at a small firm with 18 employees. There, he simply accessed the company’s Microsoft Exchange Server and performed keyword searches for “bad” words. “For me,” he says, “a [bad] keyword is guarantee. I don’t want to see that word. I can’t have a salesperson, a stock broker, use guarantee in a communication. The other big bad word is complaint. If we receive a complaint from a customer, the salesperson is not supposed to communicate with that customer. The rule says the complaint has to go to the salesperson’s supervisor and escalate to the compliance department.”
As for data retention, at his previous job that meant burning e-mails and other communications to a CD. “It wasn’t bad for 18 people,” says Malone, “but when you get to 200 employees, like Crews, it wouldn’t be feasible.”
Malone needs more-sophisticated IT at Crews, which provides underwriting and financial-advisory services to debt issuers, among other banking services. Every morning he fires up ZL Technologies’s Unified Archive Compliance Manager tool and keeps it running all day, checking for noncompliant communications that run counter to company policies and could violate federal regulations.
Malone doesn’t have to search for the bad words; the software extracts and highlights them. Using ZL Technologies’s eDiscovery product, which goes beyond keyword searching into concept searching — exposing patterns that could signal fraudulent intent, such as the misspellings spammers use to confound spam filters or the coded communications that conspirators tend to employ — Malone vets about 8,000 e-mails a day.
“Businesses are struggling with surging volumes of content,” says Brian Hill, principal analyst at Forrester, an IT consultancy. Much of that content is unstructured — such as Word documents, PDFs, e-mails, voice mails, video, and, increasingly, social-media inputs (tweets, Facebook “likes,” and so on) — and therefore is inaccessible to traditional enterprise resource planning systems with their stored invoices and tables of numbers.
All that data can cause organizations to accumulate “digital landfills” that generate significant costs in storage, tax IT resources, and clog up a company’s information pathways, creating knowledge-management tangles, says Hill. It can be difficult to gain access to the data you need, he says, if your company’s information systems have become a digital dump site.
In the age of Big Data, it’s critical for companies to have policies for data disposal as well as retention, says Hill. However, “disposal needs to be done in light of potential litigation concerns,” he points out, and needs to be suspended if legal matters are pending. In 2010, for example, FINRA fined investment bank Piper Jaffray $700,000 for its failure to produce requested e-mails.
There’s a substantial return on investment for businesses in digging out from under digital landfills by using new archiving and discovery technologies, says Hill. The return comes not only in lower IT costs and improved knowledge management, but also in the reduced risk of lengthy, costly forensic data reviews prior to and during lawsuits. “Preparing adequately for that alone can have a very significant ROI,” says Hill.
“Companies without a plan for unstructured data take on a whole lot of risk,” says Kon Leong, CEO of ZL Technologies. “The Securities and Exchange Commission, health-care regulations, [and] the Federal Rules on Civil Procedure that weigh digital evidence equally with physical evidence are all requiring that everything be kept forever.”
As daunting a task as that may seem, Leong illustrates its importance by telling a story about using his own technology to settle a dispute. “We had a trademark,” he recalls. “We saw a competitor use it. We sent them a [cease-and-desist] letter. They sent one back claiming they used it first. It took us 35 seconds to search through the archive for our earliest use of it. End of that argument.”
Leong goes on to make a larger point: that unstructured data — what he calls “the sum total of all human communications within an organization, [representing] your corporate memory” — is a potential source of competitive advantage. “If you can harness and extract value from that, you’ve gone from gathering unstructured data as a defensive measure for compliance, recordkeeping, and litigation support to an offensive position for competitive, strategic advantage,” says Leong.
A Simple Rule
Hill says a number of software providers offer products for searching, storing, archiving, and retaining Big Data. They range from large enterprise vendors such as Symantec, IBM, and HP Autonomy to smaller providers such as ZL Technologies. As is increasingly the case, their products are offered in both on-premise and software-as-a-service flavors, with the SaaS offerings lowering purchase and implementation costs and making this type of software more accessible to smaller businesses.
But prevention may be as effective as the cure. At Crews, Malone further mitigates the investment bank’s risks by banning instant messaging for his salespeople, denying them voice mail, blocking web-based e-mail, and putting the kibosh on Facebook. There are software providers that offer technological control over social-media communications; Forrester’s Hill cites Actiance as an example. But he stresses that “companies need to train people on the permissible use of social media. There needs to be a strong focus on policies.”
For Malone, when it comes to policy, there’s a simple rule to follow: “I tell all employees that every time they write an e-mail, they should think about reading it in front of a jury,” he says.
That, he adds, seems to sink in.